What is TISAX® and How We Can Help?
TISAX®, or Trusted Information Security Assessment Exchange, is an information security standard (ISA) for the automotive sector that was established by the VDA, the Association of the Automotive Industry. The standard is based on the ISO/IEC 27001 and ISO/IEC 27002 standards, adapted to the automotive business. Compliance Aspekte offers a software solution and consulting services for TISAX® assessment that are flexible and adaptable to individual requirements, protection levels, and best practices.
Benefits of TISAX® certification for your
- Stand out as a reliable partner for OEM manufacturers and suppliers
- Save time and budget by avoiding multiple information security assessments
- Reduce risk with a risk management system
- Facilitate collaboration and grow sales
- Benefit from the unified standard for information security across the automotive industry
- Conduct a maturity assessment of the company's information security controls
- Raise employees’ awareness about information security
Our Services for TISAX®
Compliance tool for the TISAX® certification
Audit and Consulting for TISAX® assessment
We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process.
Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Compliance Aspekte.
Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.
One of the features we like best about Compliance Aspekte is its streamlined compliance process. The interface has a clean and structured design, ensuring usability and workflow speed. This not only results in a steep learning curve for new users but also lets experienced users minimize effort. At every stage during the security management lifecycle process, recurring tasks like scoping, structural analysis, modeling, and even tracking risks and controls are supported by a variety of features, e.g. mapping controls with multiple requirements, assigning individual assets to different scopes as well as expanding requirement and control catalogs. On top of that, the performance of the platform is great - it is stable and good in terms of speed efficiency. Having Helga, the compliance assistance bot, is also a very special plus as she can explain terms and provides guidance through the application. We really love and live Compliance Aspekte!
Constantly evolving regulations such as BSI IT-Grundschutz and GDPR are a must for us as a healthcare organization.
As critical infrastructure providers, we need reliable and customizable compliance software. It was easy to adapt Compliance Aspekte to our processes. We can assess our clinic’s areas and processes in terms of security and data privacy. Besides, it enabled us to maintain a complete compliance record for the BSI IT-Grundschutz and GDPR (DSGVO) audit.
Enjoy the TISAX® VDA EXCEL-like Dashboards
The target maturity levels per chapter are visualized by the green line.
To prepare for a TISAX® assessment, your maturity levels in the blue section should be at or above this line.
Your organization is ready for the TISAX® assessment if your result score (“Result with cutback to target maturity levels”) is close to ‘3.0’.
For the TISAX® certification, you need to conduct a self-assessment based on the ISA by finding out whether your ISMS matches the expected maturity level in the “Information Security Assessment” tabs.
The Compliance Aspekte dashboard rates the maturity level of your information security management system per question.
Closer Look at How TISAX® Assessment Works
ISA incorporates significant aspects of ISO 27001 with additional criteria applicable to the automotive industry, i.e., prototype protection. The assessments are shared on the TISAX® VDA ISA catalog, granting transparency and simplicity to all the companies involved. They can select an audit provider and get standardized ISA results that other participants in the automotive industry accept.
TISAX® Assessment Levels and Protection Needs
TISAX® defines three assessment levels and three levels of protection: normal, high, and very high.
TISAX® assessment level 1 – normal protection need. It is not used in TISAX® but can be implemented for internal purposes in the true sense of a self-assessment. An assessor checks if a completed self-assessment exists but does not examine its content. It can be requested by your partner for a self-evaluation outside of TISAX®.
TISAX® assessment level 2 – high protection need. The evaluation is carried out by an audit organization on the basis of the self-assessment, documents, and a phone interview.
TISAX® assessment level 3 – very high protection need. An independent audit company performs the assessment based on documentation and an onsite audit.
5 steps on the way to TISAX® certification
Simplify your TISAX® Compliance with Compliance Aspekte
- The new catalog is fully implemented in Compliance Aspekte and is easy to work with. It contains the requirements from the spreadsheets “Information security,” “Data protection,” and “Prototype protection,” grouped in corresponding modules. Each requirement/control question is assessed by assigning levels of maturity.
- The TISAX® requirements are displayed granularly and can be assessed separately. This helps to make the evaluation easier and more transparent, and crucially simplifies the decision-making process regarding the maturity level.
- The criticality of each requirement (must, should, high) and its implementation status are visible. This makes it much easier to answer the control question when you can see that, e.g., all related requirements are implemented. You can go into details and see further information on the requirement, such as a responsible person, documents and tasks assigned, and individually added information. The implementation of requirements can be supported by creating corresponding tasks or by adding individual controls. You can also conduct a self-assessment.
- The assessment results of each topic can be seen on a dashboard. This way you always know where you currently stand.
- Compliance Aspekte allows you to succeed in TISAX® assessments in one place and track progress easily.
- Our tool for the TISAX® certification also supports a PDCA cycle, so it can help you get certified and continuously improve your ISMS.
- One solution for all standards: with Compliance Aspekte it’s possible to manage multiple standards within a single system, and thus share the efforts, and understand dependencies, current statuses, and other aspects.
Try for free
Use Compliance Aspekte free of charge for 3 months to find out how the solution can optimize and streamline your compliance management.
TISAX is based on the essential requirements of ISO 27001, the internationally recognized standard for information security, and adapted solely for the automotive sector. ISO 27001 is applicable across all industries and depicts requirements, rules, and methods for ensuring information security within a company.
With a special compliance tool in place, you will be spared all the inconveniences and multiple issues you have when working with Excel.
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.